Certified Information Systems Auditor (CISA®) — A 4-day course

Synopsis

This class is intended as hard-core preparation for ISACA's professional certification exam for the Certified Information Systems Auditor (CISA). It is not intended as a comprehensive IT auditing and assurance class covering non-exam-related topics. However, each of the 5 domains of the CISA exam will be covered, and the content is focused on concise exam preparation to give you all of what you need for the exam and none of what you don't.

The ISACA Handbook and other books are available to purchase to support your learning. These are not included in the course fee.

Objectives

This seminar has been designed to prepare Delegates for the CISA examination by enabling them to supplement their existing knowledge and understanding so as to be better prepared to pass the exam, as defined by ISACA.

Contents

Domain 1 - The Process of Auditing Information Systems (14%)

Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.

1.4 Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary.

1.5 Conduct follow-ups or prepare status reports to ensure appropriate actions have been taken by management in a timely manner.

Domain 2 - Governance and Management of IT (14%)

Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.

2.1 Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization's strategies and objectives.

2.2 Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization's strategies and objectives.

2.3 Evaluate the IT strategy, including the IT direction, and the processes for the strategy's development, approval, implementation and maintenance for alignment with the organization's strategies and objectives.

2.4 Evaluate the organization's IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.

2.5 Evaluate the adequacy of the quality management system to determine whether it supports the organization's strategies and objectives in a cost-effective manner.

2.6 Evaluate IT management and monitoring of controls (e.g., continuous monitoring, QA) for compliance with the organization's policies, standards and procedures.

2.7 Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization's strategies and objectives.

2.8 Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization's strategies and objectives.

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization's strategies and objectives.

3.1 Evaluate the business case for the proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.

3.2 Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.

3.3 Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate.

3.4 Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements.

3.5 Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and organization's requirements are met.

4.5 Evaluate the process of information systems maintenance to determine whether they are controlled effectively and continue to support the organization's objectives.

4.6 Evaluate data administration practices to determine the integrity and optimization of databases.

4.7 Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization's objectives.

4.8 Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.

4.9 Evaluate change, configuration and release management practices to determine whether scheduled and non-scheduled changes made to the organization's production environment are adequately controlled and documented.

4.10 Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.

4.11 Evaluate the organization's disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.

Domain 5 - Protection of Information Assets (30%)

Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.

5.2 Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information.

5.3 Evaluate the design, implementation, and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures, and applicable external requirements.

Suitable For

Examination

The CISA examination has a multiple-choice format and consists of one four-hour paper of two hundred multiple-choice questions. The examination tests a candidate's knowledge of IS audit principles and practices as well as technical content areas. The exam covers the five IT auditing job dimensions (domains) and those tasks that are routinely performed by a CISA.

Prerequisites

There are no set prerequisites for this course.

Please note, ISACA does require a minimum of five years' professional information systems auditing, control or security work experience to qualify for full certification. You can take the CISA exam prior to meeting ISACA's experience requirements, but the CISA qualification will not be awarded until all requirements are met.